DavidR
5
Well php like any content management software if it isn’t fully up to date it can be vulnerable to exploit. This could be an injection into template pages or into the page when compiled.
If you are responsible for providing the PHP (or other content management) software then you have to keep it up to date, if it is down to your host provider they should keep it up to date.